fix: disable SC1091 globally and remove source-path=SCRIPTDIR from .shellcheckrc

[marcusquinn]

Summary

• Removes source-path=SCRIPTDIR from .shellcheckrc — the root cause of exponential memory expansion (11 GB RSS, kernel panics, 73 zombie processes) when combined with --external-sources (-x)
• Adds disable=SC1091 globally — SC1091 is an info-level hint that ShellCheck cannot follow a sourced file, not a real error. 255 of 404 scripts use dynamic paths (${SCRIPT_DIR}/foo.sh) that ShellCheck cannot resolve regardless
• Removes -x and -P SCRIPTDIR flags from linters-local.sh shellcheck invocations
• Updates comments in pulse-wrapper.sh, shellcheck-wrapper.sh, memory-pressure-monitor.sh

Why

The previous fix for SC1091 noise (PR #2427, t1344) added source-path=SCRIPTDIR to .shellcheckrc. This solved a cosmetic problem (info-level warnings) but created a catastrophic one: when bash-language-server hardcodes --external-sources, ShellCheck recursively follows source directives across 460+ scripts, causing exponential memory growth.

Multiple defense-in-depth layers were added (PR #2885, #2918, #2923, #2937) to contain the damage — but the root cause remained in .shellcheckrc. This PR removes it.

Defense-in-depth layers (all remain active)

1. shellcheck-wrapper.sh strips --external-sources from bash-language-server invocations
2. SHELLCHECK_PATH in .zshenv routes through the wrapper for non-interactive shells
3. Per-file timeouts (30s) in linters-local.sh
4. ulimit -v (1 GB) caps virtual memory per shellcheck subprocess
5. process-guard-helper.sh kills shellcheck processes exceeding 512 MB RSS
6. pulse-wrapper.sh uses --norc for quality sweeps

Verified

• shellcheck -x completes instantly with no memory expansion when source-path=SCRIPTDIR is absent
• SC1091 warnings are fully suppressed by the global disable
• All modified scripts pass shellcheck and bash -n syntax check

Related

Closes #2915

Previous fixes in the incident chain:

• PR GH#2915: fix ShellCheck memory explosion from language server (11 GB RSS, kernel panics) #2918 — shellcheck-wrapper.sh + process guard
• PR t1398.2: Harden ShellCheck invocation to prevent exponential expansion #2885 — harden shellcheck invocation (--norc, timeouts)
• PR fix: write SHELLCHECK_PATH to .zshenv for non-interactive shell coverage #2937 — .zshenv fix for non-interactive shells
• PR t1344: Fix ShellCheck SC1091 noise from sourced files #2427 — original SC1091 fix that introduced source-path=SCRIPTDIR

Note: The upstream hazard remains for other opencode/shellcheck users. See anomalyco/opencode#16209 for the suggested upstream fix.

[coderabbitai]

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 4 minutes and 28 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: abb138a2-4b2e-477e-97a7-4c700eb5ba76

📥 Commits

Reviewing files that changed from the base of the PR and between 3116f8b and 70c9301.

📒 Files selected for processing (5)

• .agents/scripts/linters-local.sh
• .agents/scripts/memory-pressure-monitor.sh
• .agents/scripts/pulse-wrapper.sh
• .agents/scripts/shellcheck-wrapper.sh
• .shellcheckrc

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bugfix/disable-sc1091-source-path

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical memory consumption issue with ShellCheck by refactoring its configuration and invocation parameters. The primary goal is to eliminate exponential memory growth and kernel panics caused by ShellCheck's recursive source following, while also managing the SC1091 warnings more effectively. The changes ensure that ShellCheck operates efficiently without sacrificing the existing defense-in-depth mechanisms.

Highlights

• ShellCheck Configuration: Removed source-path=SCRIPTDIR from .shellcheckrc, which was identified as the root cause of exponential memory expansion when combined with --external-sources.
• SC1091 Warning Suppression: Added disable=SC1091 globally to .shellcheckrc to suppress info-level warnings that ShellCheck cannot resolve due to dynamic paths.
• ShellCheck Invocation Flags: Removed -x (--external-sources) and -P SCRIPTDIR flags from shellcheck invocations within linters-local.sh.
• Documentation Updates: Updated comments in pulse-wrapper.sh, shellcheck-wrapper.sh, and memory-pressure-monitor.sh to reflect the new ShellCheck configuration and the rationale behind the changes.

Changelog

• .agents/scripts/linters-local.sh
  • Removed -x and -P SCRIPTDIR flags from the shellcheck command.
  • Updated comments to explain the removal of source following and the global SC1091 disable.
• .agents/scripts/memory-pressure-monitor.sh
  • Updated comments to clarify that the root cause of memory issues (source-path=SCRIPTDIR) has been removed, and the monitor now serves as defense-in-depth.
• .agents/scripts/pulse-wrapper.sh
  • Updated comments to reflect that SC1091 is globally disabled and source-path=SCRIPTDIR has been removed, while existing defense mechanisms remain.
• .agents/scripts/shellcheck-wrapper.sh
  • Updated comments to explain that despite the removal of source-path=SCRIPTDIR and global SC1091 disable, the wrapper continues to strip --external-sources as a defense-in-depth measure.
• .shellcheckrc
  • Removed the source-path=SCRIPTDIR directive.
  • Added disable=SC1091 to the global disable list.
  • Rewrote comments to detail the rationale for disabling SC1091 and removing source-path, citing the memory expansion issues.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request provides a well-reasoned fix for a critical performance issue related to shellcheck's memory consumption. The changes correctly identify and remove the root cause by eliminating source-path=SCRIPTDIR from .shellcheckrc and disabling the SC1091 check globally. The related shellcheck command-line invocations are updated accordingly, and comments across several scripts are modified to accurately document the new strategy. The changes are consistent, targeted, and effectively resolve the described problem. I have reviewed the modifications and have no further feedback.

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 108 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Mar 5 18:35:11 UTC 2026: Code review monitoring started
Thu Mar 5 18:35:12 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 108

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 108
• VULNERABILITIES: 0

Generated on: Thu Mar 5 18:35:14 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud